Credit to Author: msft-mmpc| Date: Fri, 03 Mar 2017 05:39:41 +0000
The cornerstone of tech support scams is the deception that there is something wrong with your PC. To advance this sham, tech support scams have long abused browsers’ full screen function. Coupled with dialogue loops, the pop-up messages that just won’t go away, and the spoofing of brands like Microsoft, tech support scam websites can…
Read more
Credit to Author: Greg Lambert| Date: Mon, 27 Feb 2017 07:45:00 -0800
Microsoft released a single update last week with this February Patch Tuesday, after a week’s delay. Or, perhaps MS17-005 is considered an out-of-band update from Microsoft?
I am not sure, as it does not look like we will see the usual accompanying updates to Microsoft, .NET and the Windows (desktop and server) platforms. This sole update to Adobe Flash Player is worth deploying immediately. Evergreen browsers such as Microsoft Edge and Google Chrome will automatically update (using the default settings) and so will patch this serious memory-related vulnerability in Flash Player.
To read this article in full or to leave a comment, please click here
Credit to Author: Lucian Constantin| Date: Fri, 24 Feb 2017 10:44:00 -0800
Google’s Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google’s 90-day disclosure deadline.
This is the second flaw in Microsoft products made public by Google Project Zero since the Redmond giant decided to skip this month’s Patch Tuesday and postpone its previously planned security fixes until March.
Microsoft blamed the unprecedented decision to push back scheduled security updates by a month on a “last minute issue” that could have had an impact on customers, but the company hasn’t clarified the nature of the problem.
To read this article in full or to leave a comment, please click here
Credit to Author: msft-mmpc| Date: Wed, 22 Feb 2017 22:45:06 +0000
In September 2016, we started adding to Microsoft Malicious Software Removal Tool (MSRT) a malware suite of browser modifiers and other Trojans installed by software bundlers. We documented how the malware in this group install other malware or applications silently, without your consent. This behavior ticks boxes in the evaluation criteria that Microsoft Malware Protection…
Read more
Credit to Author: Steven J. Vaughan-Nichols| Date: Wed, 22 Feb 2017 08:36:00 -0800
Well, here’s something different. Microsoft, for the first time since it started its monthly Patch Tuesdays in October 2003, has completely blown a deadline. There will be no major patch release in February. Instead, the patch package will be released on March 14.
Why? We don’t know and Microsoft isn’t saying.
Color me concerned.
I have reason to be. Greg Lambert, chairman of Qompat, who covers software patches like paint, had hoped Microsoft would delay the patches by only a week. After all, Lambert observed, “This month’s update cycle from Microsoft is especially important as a now critical zero-day vulnerability (CVE867968) has been reported related to how a component of the Microsoft SMB [Server Message Block] protocol handles traffic. This was initially reported as a denial of service attack, but now looks like to be rated as critical by Microsoft as it may lead to a more serious (RCE) remote code execution scenario.”
To read this article in full or to leave a comment, please click here
Credit to Author: Lucian Constantin| Date: Wed, 22 Feb 2017 07:29:00 -0800
After deciding to postpone its February patches for a month, Microsoft released one critical security update for Windows on Tuesday that contains Flash Player patches released by Adobe Systems last week.
The new security bulletin, identified as MS17-005, is rated critical for Windows 8.1, Windows RT 8.1, Windows 10 and Windows Server 2016, and moderate for Windows Server 2012 and Windows Server 2012 R2. On these Windows versions, Flash Player is bundled by default with Internet Explorer 11 and Microsoft Edge, so Microsoft delivers patches for it through Windows Update.
To read this article in full or to leave a comment, please click here
Credit to Author: Greg Lambert| Date: Fri, 17 Feb 2017 09:52:00 -0800
After a short break since our Patch Tuesday Debugged analysis in January, it looks like we are going to have some delay with Patch Tuesday in February due to a last minute technical issue with the Microsoft release process.
Microsoft had previously indicated that it was going to change the update process for security-related fixes this month — and a bug discovered during this process change may have caused the delay. Chris Goettl from Ivanti, offers this: “In the hours since Microsoft announced it was going to postpone Update Tuesday I have had a number of people asking if this delay was related to Microsoft’s change to a cumulative update model. If it were just one update that was delayed I would agree, but with all updates being delayed I think it is more of a Windows Update Services infrastructure issue.” I would tend to agree.
To read this article in full or to leave a comment, please click here
Credit to Author: Lucian Constantin| Date: Thu, 16 Feb 2017 08:54:00 -0800
Microsoft has decided to bundle its February patches together with those scheduled for March, a move that at least some security experts disagree with.
“I was surprised to learn that Microsoft wants to postpone by a full month,” said Carsten Eiram, the chief research officer at vulnerability intelligence firm Risk Based Security, via email. “Even without knowing all the details, I find such a decision very hard to justify. They are aware of vulnerabilities in their products and have developed fixes; those should always be made available to customers in a timely fashion.”
Microsoft took everyone by surprise on Tuesday when it announced that this month’s patches had to be delayed because of a “last minute issue” that could have had an impact on customers. The company did not initially specify for how long the patches will be postponed, which likely threw a wrench in some systems administrators’ patch deployment plans.
To read this article in full or to leave a comment, please click here